[57] ABSTRACT

A secure memory card includes a microprocessor on a single semiconductor chip and one or more non-volatile addressable memory chips. The microprocessor chip and non-volatile memory chips connect in common to an internal card bus for transmitting address, data and control information to such non-volatile memory chips. The microprocessor includes an addressable non-volatile memory for storing information including a number of key values, application specific configuration information and program instruction information. Each chip's memory is organized into a number of blocks or banks and each memory chip is constructed to include security control logic circuits. These circuits include a number of non-volatile and volatile memory devices which are loaded with key and configuration information under the control of the microprocessor only after the microprocessor has determined that the user has successfully performed a predetermined authentication procedure with a host computer. Thereafter, the user is allowed to read out information from blocks only as defined by the configuration information.

26 Claims, 5 Drawing Sheets 
SECURE MEMORY CARD [...]

BACKGROUND OF THE INVENTION

1. Technical Field

This invention relates to the field of portable personal computers and more particularly to maintaining systems for data security in a portable digital information environment.

2. Description of the Prior Art

The security of personal information has forever been a concern. It has been ensured by locks, codes and secret pockets. As information has taken new forms, new methods have been required to meet the changed situations. [...] security of information has been addressed by [...] signatures, credentials and photographs. Electronic devices such as automatic banking [...]

More recently the "Smart Card" has been used as a security tool. The "Smart Card" is a small microcomputer with writable, non-volatile memory and a simple input/output interface, fabricated as a single chip and embedded in a plastic "credit card". It has exterior pads to allow it to be connected to specially designed equipment. The program contained in the card's microcomputer interacts with this equipment and allows its non-volatile memory data to be read or modified according to the desired algorithm which may optionally include a password exchange. Special techniques have been implemented to protect the memory information and to allow varied permissions according to the situation. For example, U.S. Pat. No. 4,382,279 entitled, "Single Chip Microprocessor with On-Chip Modifiable Memory" discloses an architecture which permits automatic programming of a non-volatile memory which is included on the same chip as a processing and control unit. As in other systems, the microprocessor only protects memory on the same chip.

The "Smart Card" has been used both to facilitate the process of identification and to be the actual site of the valued information. In this situation, as in most past situations, physical presence of a "key" as well as some special knowledge has been used as part of the verification or authentication process. In such above cases, identification has been a dialog between the person desiring access and a fixed agency such as a security guard or an automatic teller machine.

The current state of portability of freestanding computing devices makes it possible for both the physical key and the authentication agent to be small, portable and hence more subject to loss or theft. Further, computing devices make it possible to perform repeated attempts to guess or deduce the special knowledge or password associated with the identification process. This is especially true if the authentication agent or device is also in the control of the thief or burglar. To make matters worse, technology now allows and encourages the carrying of enormous amounts of sensitive information in a pocket or handbag where it is subject to [...]

Today, notebook and subnotebook sized computers provide a capable freestanding environment which allows for significant computing power and thus creates a need for additional data storage capability. This has initially been met by miniature hard disk devices which hold both programs and data. While password protection is often used in these systems, it does not completely protect sensitive data because, first, the authentication agent is itself vulnerable. However, more significantly, the disk drive containing the data can be physically removed and accessed in a setting more conducive to data analysis. In this case, only some form of encryption is capable of protecting the data. The nature of disk access makes this possible without undue performance or cost barriers. An example of this type of system is described in U.S. Pat. No. 4,985,920 entitled, "Integrated Circuit Card."

The recent emergence of the flash memory and removable "memory cards" has allowed major reductions in size and power requirements of the portable computer. The flash memory combines the flexibility of random access memory (RAM) with the permanence of disks. Today, the coupling of these technologies allows [...] to appear to a host system either [...] contained in a conventional disk drive or as [...] developments have made further reduction in system size possible to the extent it may be kept in a pocket rather than in a handbag or briefcase. Thus, the data and its host system have become more vulnerable to loss or theft and simultaneously more difficult to protect memory data by encryption as this presents major cost and performance barriers.

Accordingly, it is a primary object of the invention to provide a portable digital system with a secure memory subsystem.

It is another object of the invention to provide a memory card which can be protected if removed from a portable digital system.

It is still a further object of the present invention to provide a memory card in which the chips of the card are protected if removed from such card.

SUMMARY OF THE INVENTION

The above objects are achieved in the secure card of a preferred embodiment of the present invention. The secure memory card includes a microprocessor on a single semiconductor chip and one or more non-volatile addressable memory chips. The microprocessor chip and nonvolatile memory chips connect in common to an internal card bus for transmitting address, data and control information to such non-volatile memory chips. The microprocessor includes an addressable non-volatile memory for storing information including a number of key values, configuration information and program instruction information for controlling the transfer of address, data and control information on the internal bus. The chip memory is organized into a number of blocks or banks, each block having a plurality of addressable locations.

According to the present invention, each memory chip is constructed to include security control logic circuits. In the preferred embodiment, these circuits include a non-volatile lock memory, a non-volatile lock storage enable element and a volatile access control memory, each being loadable under the control of the microprocessor. More specifically, the microprocessor first loads a lock value into the non-volatile lock memory and resets the lock storage enable element inhibiting access. Thereafter, the microprocessor loads the access
control memory as specified by the configuration information. Such information is loaded only after the microprocessor has determined that the user has successfully performed a predetermined authentication procedure with a host computer. The security logic circuits of each memory enable the reading of information stored in selected addressed blocks of the flash memory as a function of the configuration information loaded into the memory chip's access control memory. Periodically, the user is required to successfully perform an authentication procedure with the host computer, and the user is allowed to continue reading information as allowed by the access control memory. In the preferred embodiment, the host computer is coupled to the memory card through a standard interface such as the interface which conforms to the Personal Computer Memory Card International Association (PCMCIA) standards.

The present invention melds the "SmartCard" and "memory card" technologies which is key to allowing the protection of the large amounts of data made possible by the flash memory technology in the "security harsh" environments which electronic miniaturization has created. Further, the present invention is able to take advantage of improvements and enhancements in both technologies.

Additionally, the security logic circuits of the present invention are incorporated into and operate in conjunction with the flash memory in a way that minimizes the amount of changes required to be made to the basic logic circuits of the flash memory. More specifically, the flash memory can be operated in a secure mode and in a non-secure mode wherein the security logic circuits are bypassed enabling the flash memory to operate as if such circuits had not been installed. The non-secure mode is normally entered when the contents of the flash memory's non-volatile lock memory are cleared. This is generally indicative of an unprogrammed or fully erased flash memory which naturally erases to a predetermined state (i.e. an all ONES state).

With the addition of a small amount of logic to the flash memory and an "Access Control Processor" (ACP), the contents of the flash memory is made secure without requiring data encryption. Therefore, the invention eliminates the overhead of encrypting and decrypting data which can be quite time-consuming for large blocks of data.

In operation, the ACP periodically prompts the user of the system for entry of some form of authentication. This may be a password, a PIN, a specific pen computer "gesture" performed at a specific point on the writing surface, a spoken command or a "voiceprint" of the user. The method varies with the system. The programmable ACP allows the user to alter the specific content of the authentication and the frequency of prompting. The code for authentication and the data required by the lock and access control memories are stored within the ACP's non-volatile memory which is on the same chip as the ACP and, hence, are protected.

As mentioned, a successful authentication causes the ACP to enable, or continue to enable, all or selected blocks of the flash memory for access. Failure causes access to the flash memory to be disabled. Thus, the operation is similar to a "dead man throttle" in that any failure to successfully complete authentication will cause the flash memory's data to be protected. In addition, a command initiated by the user can also cause access to be disabled. Further, upon first application of power from a powered off condition, access is blocked to protected memory contents until the first authentication is successfully performed.

Thus, if either the memory card or its host processor is lost, stolen, powered off or left unattended, the memory's data is protected from access, either immediately or as soon as the current periodic authentication expires. In the event of theft, the memory data is protected from access even if the memory card is opened and probed electronically or the memory chips are removed and placed in another device.

The above objects and advantages of the present invention will be better understood from the following description when taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 shows an overall block diagram of a system which incorporates the memory card constructed according to the present invention.

FIG. 2 shows in greater detail, the access control processor (ACP) of FIG. 1 including a layout of its non-volatile memory.

FIG. 3 shows a detailed block diagram of a standard flash memory of FIG. 1 modified according to the present invention.

FIGS. 4 and 5 are flow charts used to explain the operation of the memory card of the present invention in carrying out various authentication procedures.

DESCRIPTION OF THE PREFERRED EMBODIMENT

FIG. 1 is a block diagram of a secure portable hand-held computing system 1 usable as a personal computer or as a transaction processor. System 1 includes a memory card 3 constructed according to the present invention which connects to a host processor 5 by a bus 102. The host processor 5 may take the form of a palm top personal computer, such as the HP 95LX manufactured by Hewlett-Packard. The host processor 5 includes a liquid crystal display (LCD) 5-2, a keyboard 5-4, a microprocessor 5-6, a memory 5-8 and a serial interface 5-10 all coupled in common to a bus 106. The memory 5-8 includes a one megabyte read only memory (ROM) and a 512 Kbyte random access memory (RAM).

The connection between the memory card 3 and host processor 5 is established through a standard bus interface. In the preferred embodiment, the bus 102 conforms to the Personal Computer Memory Card International Association (PCMCIA) standard. The interface 102 provides a path for transferring address, control and data information between host processor 5 and the memory card system 3 via a standard interface chip 104 and a memory card bus 105. Each of the buses 102, 105 and 106 include a data bus, a control bus and an address bus and provide continuous signal paths through all like buses. For example, bus 105 includes address bus 105a, data bus 105b, and control bus 105c.

The PCMCIA bus standard has evolved from a standard which supports disk emulation on memory cards to a substantially different standard which allows random access to memory data. The memory card of the present invention provides a protection technique which supports this new standard by providing rapid access to random memory locations without resort to encryption techniques. By controlling the data paths which carry the data from the memory array to the host, the memory card of the present invention protects
the data without imposing any time-consuming buffering, decryption or other serial processing in this path.

Typically, a user operates system 1 from the keyboard 5-4 to perform the typical operations such as spreadsheet and database functions which display information on display 5-2 and update information stored in files in memory card 3. The host processor 5 sends address information over bus 102 to retrieve information and if desired, updates the information and sends it, along with the necessary address and control information back to memory card 3.

As shown in FIG. 1, the memory card 3 of the present invention includes an access control processor (ACP) 10 coupled to bus 105 and a number (n) of CMOS flash memory chips 103a through 103n each coupled to bus 105. ACP 10 is typically the same type of [...] form of flash memory chips manufactured by Intel Corporation [...] memories. Thus, a 4-MBYTE flash memory card could include 32 CMOS flash memories, that is n=32.

ACCESS CONTROL PROCESSOR 10

FIG. 2 shows in block diagram form, the access control processor (ACP) 10 of the preferred embodiment. As shown, ACP 10 includes a protected non-volatile memory 10-2, a random access memory (RAM) 10-4, a microprocessor 10-6, an interval counter 10-8 and an interface block 10-10 connected to bus 105. Non-volatile memory 10-2 dedicates a number of addressed locations in which to store authentication information and programs. More specifically, memory locations 10-2a store one or more personal identification numbers (PINs), protocol sequences or other identification information for verifying that the user has access to the system, and for identifying the blocks in flash memories 103a through 103n that the user may access in addition to a time interval value used for reauthentication.

Memory locations 10-2b store the key values used for protecting each of the flash memories 103a through 103n or the codes used to protect the individual blocks of each of the flash memories 103a through 103n.

Memory locations 10-2c store the program instruction sequences for performing the required authentication operations and for clearing the system if the preset conditions for failure are met. Certain program instructions enable the user to control the setting of the interval counter 10-8 which establishes when user re-authentication takes place. The reauthentication interval defines the time between interruptions and for sending an interrupt to the host processor 5 requiring verification of the user's identity by having the user reenter the PIN or other password. The interval counter 10-8 receives clock pulses from the host processor 5 over bus 102 and can be set by the user according to the work environment. For example, at home, the user may turn the timer off (i.e., set it to a maximum value), or set the time interval to one hour. On an airplane the user may set it for ten minutes for increased protection. As described herein, the user is prompted to re-examine the setting of this interval at every "power on" thereby forcing periodic re-authentications to enforce security.

FLASH MEMORIES 103a through 103n

FIG. 3 is a detailed block diagram of flash memories 103a through 103n. Only the detailed logic circuits of memory 103a are shown since memories 103b through 103n are constructed identically to memory 103a.

The flash memory 103a basically comprises two sections, a section containing the security access control circuits of the present invention and another section containing the basic or standard logic circuits of the flash memory.

Security Access Control Section

As seen from FIG. 3, the security control circuits of the present invention include a 32-bit key register 31, a 32-bit volatile lock register 33, a 12-bit delay counter 32, [...] circuits, an all ONES [...] non-volatile lock memory 35, a one-bit non-volatile lock storage enable element 36, a volatile [...] hexadecimal values (e.g. 31H through 38H) from a command register 50 included in the basic logic section. These signals indicate the different data values of the set of commands received by the command register 50 from ACP 10 via data bus 105b. These commands are an important extension to the set of commands normally used by the flash memory. The standard flash memory commands take the form of the commands utilized by the 28F001BX flash memory. Those commands are described in the publication entitled, "Memory Products," published by Intel Corporation, referenced herein. The commands used by the present invention are described in Table 1.

Referring to Table 1, the first command shown is a load lock memory command which is used to initially load a random number generated lock value into non-volatile lock memory (LM) 35 in each memory 103a through 103n. Each memory 103a through 103n may have a different lock value or the same lock value depending on the security needs of the users. The lock value is loaded into LM 35 through key (K) register 31 under control of the one bit, non-volatile storage element 36. The reset lock storage enable command of Table 1 is used to reset storage element 36. This prevents the lock value stored in LM 35 from being changed since storage element 36 once reset by the reset lock storage enable command cannot be set. The non-volatile contents of LM 35 are transferred to the L register 33 on power-up. It will be noted that the location or site of lock memory 35 is design dependent. For example, memory 35 could be implemented as an extension to memory array 54.

The load key register command of Table 1 is used to load the key register 31 and set the delay counter 32. The decrement delay counter command is used by the ACP 10 to decrement by one, the contents of the delay counter 32. The read allow memory bank and read disable memory bank commands are used by the ACP 10 to enable or disable access to the different memory blocks of memory array 54 during loading of the access control memory 43.
TABLE 1

Command                     First Bus Cycle               Second Bus Cycle
                            Operation   Address / Data    Operation   Address / Data
Load Lock Memory            Write       31H               Write       N/A
Reset Lock Storage Enable   Write       33H               N/A         N/A
Load Key Register           Write       32H               Write       Key Data
Decrement Delay Counter     Write       35H               N/A         N/A
Read-Allow Memory Bank      Write       MBA 34H           Write       MBA
Read-Disable Memory Bank    Write       MBA 38H           Write       MBA

Load Lock Memory (31H)
This command copies the contents of the key register 31 into the non-volatile lock memory 35 if and only if the lock storage enable 36 output signal is TRUE.

Reset Lock Storage Enable (33H)
This command resets the lock storage enable logic element 36, thus inhibiting loading or changing the lock storage memory 33.

Load Key Register (32H)
This command shifts the prior contents of the key register 31, one byte (LSB toward MSB) and loads "Key Value" from ACP 10 into the key register LSB. Further, it sets the Delay Counter 32 to its maximum value, e.g., all ONES.

Decrement Delay Counter (35H)
This command decrements the delay counter 32 by ONE. The delay counter must equal ZERO to allow subsequent reading of the memory array 54.

Read-Allow Memory Bank (34H)
This command sets the bit corresponding to the memory bank address (MBA) in the access control memory 43 if and only if the access modification allowed signal 37 is TRUE. This allows read access to the selected bank.

Read-Disable Memory Bank (38H)
This command resets the bit corresponding to the memory bank address in the access control memory 43.

Considering Table 1 in greater detail, it is seen that Table 1 also shows the bus cycle operations for each of the added commands. For each command requiring two bus cycles, during each first bus cycle, the command register 50 receives an 8-bit command generated by ACP 10, sent via the data bus 105a of bus 105 and an input buffer 51. Command register 50 conditions the selected logic element to receive from data bus 105b, the information required to execute the command during a second bus cycle. As indicated, the second bus cycle is designated not applicable (N/A) since the reset lock storage enable and decrement delay counter commands need only one cycle for execution.

During normal operation, the K register 31 is loaded with the key value received from memory locations 10-2b by a load key register command and delay counter 32 is set to its maximum value. Delay counter 32 is decremented to all ZEROS in response to successive decrement delay counter commands received from the ACP 10 and generates a zero count output signal 41 which is applied as an input to AND gate 34.

Each delay counter 32 limits the number of tries or attempts which can be made to access the flash memories 103a through 103n in the case where a thief removes the chips and places them upon the "outlaw card" and programs a processor or equipment to repeatedly try to guess each memory chip's key. Stated differently, counter 32 ensures that a significant number of tries or attempts must be made in order to gain illegal access to the flash memories. The key and delay counter sizes are selected to require such testing to take an unreasonable amount of time.

More specifically, the Key Register 31 stores approximately 4 billion (2^32) different combinations. In the preferred embodiment, the delay counter 32 is a twelve-bit counter. Assuming the delay counter 32 is decremented once each microsecond, it will require 2^12 or 4 milliseconds per attempt at guessing the key value. The ACP 10, knowing the correct key value, incurs only a four millisecond delay in the initial setup. Random attempts to guess the key value will require 2^31 tries for a 50% chance of success. This would require 2^31 x 2^12 microseconds or 102 days to guess the key value. This time is sufficient to deter most thieves. Of course, a longer or shorter time could be provided by modifying the sizes of the key and delay counter 32.

In the case where the memory card of the present invention is stolen and is put into an "outlaw host," the ACP 10 limits the number of tries by the thief to guess the PIN by known techniques. Such techniques may include locking access or destroying data if a threshold of incorrect guesses is exceeded.

During an initial authentication operation for flash memory 103a, a key value is loaded into the 32 bit K register 31 in response to four successive load key register commands (i.e., data bus 105b is a byte wide bus). Delay counter 32 is forced to its maximum count of (ALL ONE'S) and decremented by the ACP 10 sending decrement delay counter commands on successive first bus cycles. When the delay counter 32 is decremented to ZERO, it generates the zero count signal 41 which is applied to one input of AND gate 34.

If the key value stored in the K register 31 equals the lock value stored in the corresponding L register 33 indicating that the user provided the proper identification to the host processor 5, then compare logic 39 applies an equals compare signal 42 to another input of AND gate 34. This causes AND gate 34 to generate an access modification allowed signal 37 at its output, which enables writing to access control memory 43, under the control of ACP 10. This, in turn, subsequently allows the reading of memory array 54.

The access control memory 43 contains volatile storage of one bit for each block/bank of the memory array 54. These bits are cleared to ZERO as part of the flash memory's power up sequence. In order for data to be read from the memory 103c the bit corresponding to the addressed memory block must be at logical ONE. These bits are set by the ACP 10 issuing read-allow memory bank commands if and only if the access modification allowed signal 37 is TRUE.
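
The following C model of the security access control section and the Table 1 commands is an added example, not part of the patent text; it walks through provisioning, a failed and a successful unlock, per-bank read gating, and the 2^31 x 2^12 microsecond guessing estimate. Assumptions: the K register is cleared and the delay counter armed at power-up, the bank number is passed as the command argument instead of on the address bus, and the lock value 0xA5C3971E is a constructed sample.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Command codes from Table 1. */
enum { CMD_LOAD_LOCK_MEM = 0x31, CMD_LOAD_KEY_REG = 0x32, CMD_RESET_LOCK_EN = 0x33,
       CMD_READ_ALLOW = 0x34, CMD_DEC_DELAY = 0x35, CMD_READ_DISABLE = 0x38 };

#define DELAY_MAX   0x0FFFu      /* 12-bit delay counter 32 at all ONES */
#define LOCK_ERASED 0xFFFFFFFFu  /* erased lock memory selects non-secure mode */

typedef struct {
    uint32_t lock_mem;       /* non-volatile lock memory 35 */
    bool     lock_store_en;  /* non-volatile lock storage enable element 36 */
    uint32_t key_reg;        /* key (K) register 31 */
    uint32_t lock_reg;       /* volatile lock (L) register 33 */
    uint16_t delay;          /* delay counter 32 */
    uint8_t  acm;            /* access control memory 43, one bit per bank */
} flash_sec;

/* Power-up: L register reloaded from lock memory, access bits cleared to ZERO.
 * Assumption: K register cleared and delay counter armed at power-up. */
void flash_power_up(flash_sec *f) {
    f->lock_reg = f->lock_mem;
    f->key_reg = 0;
    f->delay = DELAY_MAX;
    f->acm = 0;
}

/* Unprogrammed part: lock memory erased, lock storage still enabled. */
void flash_erased(flash_sec *f) {
    f->lock_mem = LOCK_ERASED;
    f->lock_store_en = true;
    flash_power_up(f);
}

/* AND gate 34: zero count signal 41 AND equals compare signal 42. */
bool access_mod_allowed(const flash_sec *f) {
    return f->delay == 0 && f->key_reg == f->lock_reg;
}

/* One command write. Assumption: arg carries the key byte or the bank number. */
void flash_cmd(flash_sec *f, uint8_t cmd, uint8_t arg) {
    uint8_t bit = (uint8_t)(1u << (arg & 7));
    switch (cmd) {
    case CMD_LOAD_LOCK_MEM: if (f->lock_store_en) f->lock_mem = f->key_reg; break;
    case CMD_RESET_LOCK_EN: f->lock_store_en = false; break; /* cannot be set again */
    case CMD_LOAD_KEY_REG:  f->key_reg = (f->key_reg << 8) | arg; /* LSB toward MSB */
                            f->delay = DELAY_MAX; break;
    case CMD_DEC_DELAY:     if (f->delay) f->delay--; break;
    case CMD_READ_ALLOW:    if (access_mod_allowed(f)) f->acm |= bit; break;
    case CMD_READ_DISABLE:  f->acm &= (uint8_t)~bit; break;
    default: break;
    }
}

/* Output buffer 52 enable: bank bit set, or L register all ONES (OR gate 45).
 * Eight 16K-byte banks, so address bits A16..A14 select the bank. */
bool flash_read_enabled(const flash_sec *f, uint32_t addr) {
    return f->lock_reg == LOCK_ERASED || ((f->acm >> ((addr >> 14) & 7)) & 1);
}

/* Four load key register commands, most significant byte first. */
void load_key(flash_sec *f, uint32_t key) {
    for (int shift = 24; shift >= 0; shift -= 8)
        flash_cmd(f, CMD_LOAD_KEY_REG, (uint8_t)(key >> shift));
}

/* ACP side: store the lock value, freeze it, then power-cycle the chip. */
void acp_provision(flash_sec *f, uint32_t lock_value) {
    load_key(f, lock_value);
    flash_cmd(f, CMD_LOAD_LOCK_MEM, 0);
    flash_cmd(f, CMD_RESET_LOCK_EN, 0);
    flash_power_up(f);
}

/* ACP side: load key, run the delay counter to ZERO, enable the banks in bank_mask. */
bool acp_unlock(flash_sec *f, uint32_t key, uint8_t bank_mask) {
    load_key(f, key);
    for (unsigned i = 0; i < DELAY_MAX; i++)
        flash_cmd(f, CMD_DEC_DELAY, 0);
    for (uint8_t b = 0; b < 8; b++)
        if (bank_mask & (1u << b))
            flash_cmd(f, CMD_READ_ALLOW, b);
    return access_mod_allowed(f);
}

/* Days of guessing for a 50% chance: 2^(key_bits-1) tries of 2^delay_bits ticks each. */
double guess_days_50pct(unsigned key_bits, unsigned delay_bits, double tick_us) {
    double us = (double)(1ULL << (key_bits - 1 + delay_bits)) * tick_us;
    return us / 1e6 / 86400.0;
}

int main(void) {
    flash_sec f;
    flash_erased(&f);
    acp_provision(&f, 0xA5C3971Eu);  /* constructed lock value */
    printf("wrong key unlocks:  %d\n", acp_unlock(&f, 0x12345678u, 0xFF));
    printf("right key unlocks:  %d\n", acp_unlock(&f, 0xA5C3971Eu, 0x05));
    printf("bank 1 readable:    %d\n", flash_read_enabled(&f, 0x04000));
    printf("days to 50%% guess:  %.1f\n", guess_days_50pct(32, 12, 1.0));
    return 0;
}
```

Reloading the key register re-arms the delay counter, which is why each guess costs the full countdown even when the guesser controls the bus.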
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As shown in Table 1, during the second bus cycle of enabled. That is, when lock register 33 contains "ALL 
the read-allow memory bank command, the three (3) ONES," this generates a signal from ALL ONES de- 
high order address bits of the selected memory bank of tector element 38 to the OR gate 45 to enable the output 
memory array 54 are sent over address bus 105c as well buffer 52. This effectively places flash memory 103c in 
as a repeat of the hexadecimal command identifier being 5 non-secure mode. This allows all of the security logic 
sent over the data bus 105a to command register 50. circuits of the present invention to be bypassed. Hence, 
This results in a ONE being written into the addressed the same flash memory chip can be used for both secure 
bit location in access control memory 43. In the pre- and non-secure applications, thus resulting in produc- 
ferred embodiment, the read-allow memory bank com- tion economies, 
mand sequence is repeated eight times since the mem- 10 

ory array 54 is organized into eight banks of 16K bytes Flash Mcmorv Ba »c Logic Circuits 
each. The ACP 10 may restrict access to selected banks As shown in FIG. 3, such circuits include a memory 
by issuing a sequence of read-disable memory bank array 54, a command register 50, input/output logic 
commands in a similar manner. circuits 60, an address latch 56, a write state machine 61, 
The output of the access control memory 43 of the 15 erase voltage system 62, an output multiplexer 53, a data 
present invention is applied as an enabling input to out- register 55, input buffer 51, output buffer 52 and a status 
put buffer 52 during each flash memory read cycle register 58, as shown. The basic logic circuits of flash 
when the contents of a location of any bank of memory memory 103o as discussed above, takes the form of the 
array 54 is being read out That is, a read cycle may type of circuits included in the flash memory designated 
occur, however, the data read out is inhibited from 20 as 28F001BX manufactured by Intel Corporation. Since 
passing through output buffer 52 in the absence of the such circuits are conventional, they will only be de- 
appropriate bank's access control memory gating signal. scribed to the extent necessary. For further information 
More specifically, in the case of the preferred embodi- regarding such circuits, reference may be made to pages 
ment, access control memory 43 includes eight individ- 3-109 through 3-134 of the publication entitled, "Mem- 
ually addressable bit storage elements, an input address 25 ory Products," order Number 210830, published by 
3 to 8-bit decoder connected to the input of each storage Intel Corporation, dated 1992. As shown in FIG. 3, the 
element and a 1 to 8 output multiplexer circuit con- flash memory basic circuits receive a number of input 
nected to the output of each storage element. The three signals (A0-A16), address, date signals (D00-D07) and 
high order address bits of each address are decoded and control signals (CE, WE, OE, PWD and VPP). These 
used to select the storage element for the block whose 30 signals are described below in Table 2. 

TABLE 2 

Signal Descriptions 
Symbol Name and Function 

A0-A16 ADDRESS INPUTS for memory addresses. 

Addresses are internally latched during a 
write cycle. 

D0O-D07 DATA INPUTS/OUTPUTS: Inputs data and commands 
during memory write cycles; outputs data 
during memory and status read cycles. The 
data pins are active high and float to tri- 
state off when the chip is deselected or the 
outputs are disabled. Data is internally 
latched during a write cycle. 

CE CHIP ENABLE Activates the device's control 

logic, input buffers, decoders and sense 
amplifiers. CE is active low, CE high 
deselects the memory device and reduces power 
consumption to standby levels, 

PWD POWERDOWN: Puts the device in deep powerdown 

mode. PWD s active low; PWD high gates normal 
operation. PWD«VHH allows programming of the 
memory blocks. PWD also locks out erase or 
write operations when active low, providing 
data protection during power transitions. 

OE OUTPUT ENABLE: Gates the device's outputs 

through the data buffers during a read cycle. 
OE is active low. 

WE WRITE ENABLE Controls writes to the command 

register and array blocks. WE is active low. 
Addresses and data are latched on the rising 
edge of the WE pulse. 

Vpp ERASE/PROGRAM POWER SUPPLY for erasing blocks 

of the array or programming bytes of each 
block. Note: With Vpp < Vppl Max, memory 
contents cannot be altered. 



contents are to be changed. Similarly, the same three 
bits are used to select the output of the storage element 
for the block containing the flash memory location 
being read. 65 

If the lock memory 35 is fully erased, i.e., at ALL 
ONES as indicated by the contents of the L register 33 
being at all ONES, then the output buffer 52 is always 



As shown in Table 2, the Chip Enable (CE), Write Enable (WE) and Output Enable (OE) signals are applied to command register 50 and I/O logic 60 from host processor 5, via bus 102 and control bus 105b and are dispersed to control specified logic blocks. A powerdown (PWD) signal is also applied to command register 50 for enabling the flash memory to perform the operations specified in Table 2. This signal can be used to clear the volatile storage elements of the flash memory's security control section as desired thereby enforcing user reauthentication when normal operation is resumed.

Generally, the basic logic elements of the flash memory operate in the following manner. Information is stored in memory array 54 via data bus 105a, input buffer 51 and data register 55 at an addressed location of one of the memory blocks specified by the address received by an address logic 56 from address bus 105c. Information is read from a specified address location of a bank of memory array 54 and is sent to host processor 5 via an output multiplexer 53, output buffer 52, data bus 105a and bus 102. Status register 58 is used for storing the status of the write state machine, the error suspend status, the erase status, the program status and the Vpp status.

The write state machine 61 controls the block erase and controls program algorithms. The program/erase voltage system 62 is used for erasing blocks of the memory array 54 or the programming bytes of each block as a function of the level of Vpp (i.e., when Vpp is at a high level programming can take place; if Vpp is at a low level, memory array 54 functions as a read only memory).

DESCRIPTION OF OPERATION

The operation of the secure memory card of the present invention will now be described with particular reference to the flow diagram of FIGS. 4 and 5. Before describing such operations in detail, the steps involved in the fabrication, customization and operation of the memory card will first be described.

As a first step, at card fabrication, the ACP 10 sets the lock value for each of the memory chips on the memory card. It does this by loading the key value into the lock memory of FIG. 3. These values are stored in the ACP's protected non-volatile memory 10-2 (i.e., keys 1-n in FIG. 2). The lock storage enable elements 36 are then set to ZEROs to inhibit further changing or reading of lock memory contents. As these elements are nonvolatile, they cannot be changed unless the entire flash memory chip is cleared.

As a second step, at application customization, since writing is not affected by the protection functionality, the memory card can then be loaded with its data or software application. The ACP 10 is then loaded with information pertaining to the memory's bank structure and the degrees of protection which are to be applied to each memory bank.

As a third step, at user customization, the user establishes parameters for the frequency and mode of authentication and specific data required (e.g., personal identification numbers (PINs)). This information is stored in the ACP's memory.

As a fourth step, at power on, the "key register", "access modification allowed" signal and "access control memory" are initialized so as to inhibit access to data or writing to access control memory 43. The first authentication dialog is initiated.

At first authentication dialog, the ACP 10, using the services of its host processor 5, prompts the user and receives authentication information. If authentication is unsuccessful, no operation is performed; if successful, the key register of each memory chip is loaded with the value stored in the ACP's memory. During this operation, the delay counter 32 is used to inhibit chip operation for a period of time following loading to make random tries an unproductive process. Loading of the key registers causes the "access modification allowed" signal to be true in each chip. The ACP 10 then establishes access by loading the access control memories according to the stored information configuration.

As a sixth step, at subsequent authentication dialog, periodically, according to the user's configuration, the ACP 10 prompts an additional user authentication (reauthentication). In the event of failure, the ACP 10 forces all memory chips to their power on states, thus inhibiting any access to the memories' data by clearing the access control memory 43 and clearing the contents of the key register 31.

Now, the operation of the system of FIG. 1 will be described with reference to FIGS. 4 and 5.

First Operations of the Day

FIG. 4 shows in block diagram form, the various modes of operation. Blocks 402 and 401 show the two startup conditions. In block 402, the user inserts the memory card 3 in the previously powered-up host processor 5. In block 401, the user powers up host processor 5 with memory card 3 already installed.

In either of the above startup operations, during block 402, the ACP 10 and its interfaces are initialized in a conventional manner, and block 403 clears all of the K registers 31 and the access control memories 43 as part of the flash memories 103a through 103n internal initialization sequence. This prevents any data from being read out of memories 103a through 103n since output buffer 52, in each memory, is disabled. The lock value is loaded into the L registers 33 from the respective LMs 35 as a result of power on.

Now in block 404, ACP 10 sends an interrupt signal to host processor 5 which responds by requesting the PIN or other identifying information from the user. In block 405, ACP 10, by means of the program stored in memory locations 10-2«, checks that the PIN or other identifying information matches the information stored in memory locations 10-2a. If no match, then decision block 406 counts an error and ACP 10 branches to block 404 to repeat the test. If the test fails a preset number of times, then decision block 406 branches to block 407 to cause ACP 10 to either lock up or destroy the contents of the memories 103a through 103n.

First User Authentication Successful

If in decision block 406 there is a match indicating a successful authentication then in block 408, the ACP 10 via a load key register command loads each K register 31 from memory locations 10-2* with the appropriate key value. Also block 409 repeatedly decrements the contents of delay counter 32 issuing successive decrement delay counter commands toward a binary zero count which causes the generation of the zero count signal 41 in FIG. 3.

In block 410, each access control memory 43 location is loaded with information by means of the read-allow memory bank command to allow access to the selected banks of the corresponding flash memory 103a through 103n.

Intermittent Re-authentication

In block 411, the ACP 10 awaits the end of the preset time interval established by information stored in memory locations 10-2a signalled by interval counter 10-8 before requesting user re-authentication. Then, in block 412, the ACP 10 interrupts the host processor 5 to request the user to re-enter the PIN or other required identification.

Decision block 413 checks the PIN or other information received from the host processor 5 against the information stored in memory locations 10-2a and the interval timer 10-8 output is recorded. The user has a preset time interval of typically 30 seconds in which to enter the authentication information into host processor 5. While the clock is running, if the decision block 413 test fails, then block 414 records the test as an error. At that time, it checks if a maximum number of errors was received and branches to repeat blocks 412 and 413. If the number of errors equals the maximum number, then in block 415, ACP 10 clears the flash memory K register 31 by means of successive load key register commands, and clears the access control memories 43 with successive read-disable memory commands. Block 415 then branches to block 404 to allow a new "First Authentication" operation to take place.

If the test in decision block 413 is successful, the K register 31 remains unchanged (i.e., contains the key value previously loaded by the ACP) enabling the user to continue to operate the system 1. In the event that the 30 seconds elapsed without decision block 413 receiving the PIN or other information, the ACP 10 clears the K register 31 and the access control memory 43 as before.

FIG. 5 is a flow diagram which illustrates how host processor 5 responds to an interrupt request from ACP 10 for authentication in response to blocks 404 and 412 of FIG. 4. As shown, decision block 501 is waiting for an interrupt from the ACP 10 requesting that the user re-enter the PIN or other information. Decision block 501 branches to block 502 when it receives the interrupt from blocks 404 or 412. Block 502 displays the request for the PIN or other information on host display 5-2. Block 503 accepts the information from the keyboard and block 504 interrupts ACP 10. Block 5 sends the PIN to ACP 10.

It will be appreciated by those skilled in the art that many changes may be made to the preferred embodiment of the present invention without departing from its teachings. For example, the invention may be used with different types of non-volatile memories and different interfaces, etc.

While in accordance with the provisions and statutes there has been illustrated and described the best form of the invention, certain changes may be made without departing from the spirit of the invention as set forth in the appended claims and that in some cases, certain features of the invention may be used to advantage without a corresponding use of other features.

What is claimed is:

1. A secure memory card for use with a host portable computer, said memory card comprising:

  a microprocessor connected for transmitting and receiving address, data and control information to and from said host computer and said microprocessor including:

  an addressable non-volatile memory for storing information including a number of key values and configuration information;

  an internal bus connected to said microprocessor for transmitting address, data and control information defining memory operations to be performed by said card; and,

  at least one non-volatile addressable memory being connected to said internal bus in common with said microprocessor for receiving said address, data and control information, said memory including a non-volatile memory section and a security control section, said memory section containing a memory array organized into a number of blocks, each block having a plurality of addressable locations and control logic means for performing said memory operations and said security control section being connected to said internal bus, to said control logic means and to said memory array, said security control section including:

    a number of non-volatile and volatile storage devices for storing at least one of said key values and configuration information associated with said blocks; and,

    access control logic means connected to said control logic means and to said storage devices, said access control logic means enabling reading of information stored in addressed ones of said blocks of said memory array as specified by said configuration information only after said microprocessor has determined that a predetermined authentication procedure has been performed with said host computer and has enabled said access control logic means for allowing reading of said information from said memory array according to said configuration information.

2. The memory card of claim 1 wherein said microprocessor and said non-volatile memory are included on separate semiconductor chips.

3. The memory card of claim 1 wherein said card further includes interface circuit means coupling said card to said host computer and wherein said interface circuit means and said microprocessor are included on the same semiconductor chip.

4. The memory card of claim 1 wherein said non-volatile memory and said non-volatile storage devices are flash memories.

5. The memory card of claim 1 wherein one of said non-volatile storage devices is a lock memory for storing a lock value corresponding to said one key values and a second one of said non-volatile devices is a lock storage enable element which connects to said lock memory, said lock memory being initially loaded with said lock value and said lock storage enable element being switched to a state which inhibits modification of said lock value under control of said microprocessor.

6. The memory card of claim 2 wherein storage of said lock value and switching of said lock storage enable element takes place during initial fabrication of said memory card.

7. The memory card of claim 5 wherein one of said volatile storage devices is an addressable access control memory having a plurality of locations corresponding in number to said number of blocks of said memory array for storing said configuration information, said access control memory being connected to said internal bus and to said access control logic means, said access control memory being loaded under control of said microprocessor only after said microprocessor has determined that said predetermined authentication procedure initially has been successfully performed with said host computer causing enabling of said access control memory by said access control logic means.

8. The memory card of claim 7 wherein said lock value loaded into said lock memory is all ONES and wherein said security control section further includes an all ONES detector circuit connected to said lock memory, said detector circuit in response to said lock value of all ONES generating a signal which effectively bypasses said security control section enabling said non-volatile memory to operate as if said security control section had not been included.

9. The memory card of claim 7 wherein performance of said predetermined authentication procedure initially takes place when said memory card is first connected to communicate with said host computer.

10. The memory card of claim 9 wherein said access control means includes a lock register connected to receive said lock value from said lock memory, a comparator circuit, a key register for storing a key value transferred to said key register by said microprocessor, a delay counter for storing a count defining a predetermined time interval and gating means connected to said access control memory, to said comparator and to said delay counter, said comparator circuit being connected to said lock and key registers and to said gating means and said gating means being connected to said delay counter for generating an access modification allowed signal in response to said comparator circuit signalling an identical comparison between said lock code value loaded into said lock register when said delay counter has signalled an end of said predetermined time interval, said access modification allow signal conditioning said access control memory for loading said configuration information.

11. The memory card of claim 10 wherein said control logic means includes circuits for generating command signals in response to a predetermined set of commands used by said microprocessor in controlling the operation of said security control section of each memory chip.

12. The memory card of claim 11 wherein said control logic means in response to a first one of said predetermined set of commands generated by said microprocessor, generates a first signal for loading said lock code value into said lock memory, said first one of said predetermined commands being generated during initial fabrication of said card.

13. The memory card of claim 12 wherein said control logic means in response to a second one of said predetermined set of commands generated by said microprocessor generates a second signal for switching said lock storage enable element to a predetermined state which inhibits said reading or said modification to said lock value stored in said lock memory.

14. The memory card of claim 12 wherein said control logic means in response to a third one of said predetermined set of commands generated by said microprocessor, generates a third signal for loading said key register with a predetermined one of said key values, said third one of said predetermined set of commands being generated by said microprocessor only after said microprocessor has determined that said predetermined authentication procedure has been successfully performed.

15. The memory card of claim 14 wherein said third signal generated by said control logic means simultaneously forces said delay counter to a predetermined count for establishing a start of said predetermined time interval and wherein said control logic means in response to each fourth one of said predetermined set of commands generated by said microprocessor decrements by one, said predetermined count, said delay counter signalling said end of said time interval following execution of a predetermined number of said fourth ones of said set of predetermined commands.

16. The memory card of claim 11 wherein said control logic means in response to a number of fifth and sixth ones of said predetermined set of commands by said microprocessor, generates fifth and sixth signals for setting and resetting locations in said access control memory according to said configuration information for defining which ones of said blocks from which information is allowed to be read out.

17. A secure memory card installable in a host portable computer for establishing communication with said host computer, said memory card comprising:

  a microprocessor contained on a single semiconductor chip, said microprocessor being connected for transmitting and receiving address, data and control information to and from said host computer and said microprocessor including:

  an addressable non-volatile memory for storing information including a number of key values defining user accessibility to memory areas, and memory configuration information defining memory read out accessibility to said memory areas;

  an internal bus for transmitting address, data and control information defining memory operations to be performed by said card; and,

  at least one non-volatile addressable memory chip being connected to said internal bus in common with said microprocessor for receiving said address, data and control information, said memory chip including a memory section and a security section, said memory section containing a non-volatile memory array having a data output and being organized into a number of blocks, each having a plurality of addressable locations and control logic means for performing said memory operations, said security section being connected to said internal bus, to said control logic means and to said data output and said security section including:

    a non-volatile lock memory coupled to said internal bus for initially receiving and permanently storing a predetermined lock value which matches one of said number of key values;

    access control logic means connected to said control logic means and to said lock memory for generating an enabling signal upon detecting when said predetermined lock code value identically matches a selected one of said key values applied by said microprocessor to said internal bus; and,

    an addressable volatile access control memory having a plurality of locations corresponding in number to said number of blocks of said memory array for storing said memory configuration information defining said read out accessibility, said access control memory being connected to said control logic means, to said memory array data output, to said internal bus, and to said access control logic means, said access control logic means enabling reading of information stored in addressed ones of said blocks of said memory array as specified by said memory configuration information only after said microprocessor has determined that a predetermined authentication procedure has been successfully performed with said host computer and has transferred said predetermined one of said memory key codes causing said access control logic means to generate said enabling signal for application to said data output for enabling reading out said information to said data output as specified by said access control memory configuration information.

18. A secure memory card including a number of non-volatile memory chips, each memory chip including a memory array organized into blocks of addressable locations, having a capability of operating in a number of modes, said card comprising:

  a lock memory for storing a lock value;

  control means for generating first and second commands and a predetermined key value;

  a key register coupled to said control means and responsive to said first command for storing said predetermined key value;

  a comparator coupled to said lock memory and to said key register, said comparator generating a compare signal whenever said lock value and said predetermined key value are equal;

  a delay counter coupled to said generating means and responsive to said first command for setting said counter to a maximum count value, and responsive to a sequence of successive second commands for generating a zero count signal when said delay counter has been decremented to zero;

  logic circuit means coupled to said comparator and to said delay counter, said logic circuit means responsive to said compare signal and said zero count signal for generating an access modification allowed signal;

  said control means for generating a third command, and first address signals and subsequent address signals identifying a first of said blocks and subsequent blocks respectively; and,

  access control memory means being coupled to said logic means and to said control means, said access control memory responsive to said access memory enable signal, said address signals and said third command for storing indications signifying when said one of said blocks and said subsequent blocks are enabled for reading.

19. The system of claim 18 wherein said predetermined value and maximum values are selected to be sufficiently large so as to prevent ease of access to said information stored in said non-volatile memory when said memory card is placed in an unauthorized host computer.

20. The card of claim 18 wherein said control means includes a microprocessor which couples to said memory which, upon successfully performing a first user authentication operation, generates said first, second and third commands.

21. The card of claim 20 wherein said first command is a load key command, said second command is a decrementing command and said third command is a read allow block command.

22. The card of claim 18 wherein said memory further includes command control means for decoding a predetermined set of commands for conditioning said card to perform normal memory operations, and said command control means including means for decoding an additional set of commands including said first, second and third commands for providing security for information stored in said memory.

23. A method of organizing for operation, a secure memory card installable in a host computer which includes a number of non-volatile memory chips, each memory chip including a memory array organized into blocks of addressable locations and control logic circuits for generating command signals for performing memory operations, said method comprising the steps of:

  (a) incorporating a microprocessor into said card which is connected to communicate with said host computer when installed therein, said microprocessor including an addressable non-volatile memory for storing information including a number of key values defining user accessibility to memory areas and memory configuration information defining accessibility to said memory areas;

  (b) incorporating security logic circuits into each non-volatile memory chip, said security logic circuits including a non-volatile lock memory for storing a predetermined lock value, access control logic means connected to said lock memory and an addressable volatile access control memory having a plurality of locations corresponding in number to said number of blocks for storing accessibility bit information according to said configuration information;

  (c) interconnecting said microprocessor to each memory chip for transferring address, data and control information to said each memory chip;

  (d) modifying said control logic circuits to be responsive to a plurality of commands for operating said security logic circuits;

  (e) connecting said microprocessor for performing an initial preestablished user authentication operation with said host computer; and,

  (f) connecting said security logic circuits to be enabled by said microprocessor transferring specific ones of said plurality of commands to said each chip only when said authentication operation in step (e) has been successfully performed for allowing said information stored in different ones of said blocks to be read out according to said accessibility bit information stored in said access control memory.

24. The method of claim 23 wherein said microprocessor non-volatile memory has a number of sections and wherein said key values are provided by generating random values for said key values which are to be loaded into a first one of said number of sections.

25. The method of claim 23 wherein said method further includes the steps of:

  (g) including an interval counter in said microprocessor;

  (h) connecting said interval counter to said microprocessor non-volatile memory and said interval counter being loaded with a value corresponding to a user selected time interval;

  (i) connecting said microprocessor for periodically initiating said user authentication operation of step (e) at said user selected time interval; and,

  (j) connecting said security logic circuits to be enabled for continuing to allow said information stored in said blocks to be read out according to said accessibility bit information as long as said authentication operation of step (e) is successfully performed.

26. A method of constructing a secure memory card which includes a number of non-volatile memory chips for storing large quantities of information, each memory chip including a memory array organized into blocks of addressable locations and control logic circuits for generating command signals for performing memory operations, said method comprising the steps of:

  (a) incorporating a microprocessor into said card, said microprocessor including an addressable non-volatile memory for storing information including a number of key values defining user accessibility to memory areas and memory configuration information defining accessibility to said memory areas;

  (b) incorporating security logic circuits into each non-volatile memory chip, said security logic circuits including a non-volatile lock memory for storing a predetermined lock value, access control logic means connected to said lock memory and an addressable volatile access control memory having a plurality of locations corresponding in number to said number of blocks for storing user accessibility bit information in accordance with said configuration information;

  (c) interconnecting said microprocessor to each memory chip for transferring address, data and control information to said each memory chip; and,

  (d) modifying said control logic circuits to incorporate a plurality of commands for operating said security logic circuits as an extension to a set of commands normally provided by said control logic circuits whereby said security logic circuits protect said information contained in said number of chips from being read out in an unauthorized manner even when said chips are removed from said memory card.
***** 
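
The lock/key comparison, delay counter and per-block access control memory described in the operation section and recited in claims 10, 15, 16 and 18 can be exercised as a behavioural model. The C code below is an added illustration, not code from the patent; the 32-bit key width, eight blocks selected by address bits A14-A16, the maximum delay count of 1000, the ACM bit alone gating the output buffer, and read-disable being accepted without a key match are all assumptions.

```c
/* Added model of one flash chip's security control section (not patent code).
 * Key width, block size, DELAY_MAX and the gating details are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBLOCKS     8u           /* three address bits select the block */
#define BLOCK_SHIFT 14u          /* assumed: A14-A16 of A0-A16 pick the block */
#define ALL_ONES    0xFFFFFFFFu  /* erased lock memory, assumed 32 bits wide */
#define DELAY_MAX   1000u        /* assumed maximum count of delay counter 32 */

typedef struct {
    uint32_t lock_mem;           /* non-volatile lock memory (LM) 35 */
    uint32_t l_reg;              /* L register 33, loaded from LM at power on */
    uint32_t k_reg;              /* volatile K register 31 */
    uint32_t delay;              /* delay counter 32 */
    bool     acm[NBLOCKS];       /* volatile access control memory 43 */
    unsigned long bus_cmds;      /* security commands received (accounting) */
} chip_t;

/* Power on: K register and ACM cleared, lock value copied into L register. */
void chip_power_on(chip_t *c) {
    c->l_reg = c->lock_mem;
    c->k_reg = 0; c->delay = DELAY_MAX;
    memset(c->acm, 0, sizeof c->acm);
}

/* "Access modification allowed": comparator match AND zero-count signal. */
bool chip_ama(const chip_t *c) { return c->k_reg == c->l_reg && c->delay == 0; }

/* Load key register; the same command forces the delay counter to maximum. */
void cmd_load_key(chip_t *c, uint32_t key) {
    c->k_reg = key; c->delay = DELAY_MAX; c->bus_cmds++;
}
void cmd_decrement_delay(chip_t *c) { if (c->delay) c->delay--; c->bus_cmds++; }

/* Read-allow memory bank: honoured only while AMA is true. */
bool cmd_read_allow(chip_t *c, unsigned blk) {
    c->bus_cmds++;
    if (blk >= NBLOCKS || !chip_ama(c)) return false;
    c->acm[blk] = true;
    return true;
}

/* Read-disable memory bank: assumed to be accepted without a key match. */
void cmd_read_disable(chip_t *c, unsigned blk) {
    c->bus_cmds++;
    if (blk < NBLOCKS) c->acm[blk] = false;
}

/* Gate on output buffer 52 for a read at addr (assumed: ACM bit alone). */
bool chip_read_enabled(const chip_t *c, uint32_t addr) {
    if (c->l_reg == ALL_ONES) return true;   /* all-ONES detector bypass */
    return c->acm[(addr >> BLOCK_SHIFT) & (NBLOCKS - 1u)];
}

/* ACP after a successful PIN check (blocks 408-410 of FIG. 4). */
bool acp_unlock(chip_t *c, uint32_t key, const bool allow[NBLOCKS]) {
    cmd_load_key(c, key);
    while (c->delay) cmd_decrement_delay(c);
    if (!chip_ama(c)) return false;
    for (unsigned b = 0; b < NBLOCKS; b++)
        if (allow[b]) cmd_read_allow(c, b);
    return true;
}

/* ACP after failed or timed-out re-authentication (block 415). */
void acp_lockdown(chip_t *c) {
    cmd_load_key(c, 0);                      /* clear K register 31 */
    for (unsigned b = 0; b < NBLOCKS; b++) cmd_read_disable(c, b);
}

/* Commands a host without the key spends testing `guesses` candidates:
 * each load restarts the delay, so a guess costs DELAY_MAX + 2 commands. */
unsigned long guess_cost(chip_t *c, uint32_t first, unsigned guesses) {
    unsigned long start = c->bus_cmds;
    for (unsigned i = 0; i < guesses; i++) {
        cmd_load_key(c, first + i);
        while (c->delay) cmd_decrement_delay(c);
        if (cmd_read_allow(c, 0)) break;
    }
    return c->bus_cmds - start;
}

int main(void) {
    chip_t c = { .lock_mem = 0x5A17C0DEu };  /* constructed lock value */
    bool allow[NBLOCKS] = { [0] = true, [3] = true };
    chip_power_on(&c);
    printf("5 wrong keys cost %lu commands\n", guess_cost(&c, 1u, 5));
    printf("unlock=%d block0=%d block1=%d\n", acp_unlock(&c, 0x5A17C0DEu, allow),
           chip_read_enabled(&c, 0x0000), chip_read_enabled(&c, 0x4000));
    acp_lockdown(&c);
    printf("after lockdown block0=%d\n", chip_read_enabled(&c, 0x0000));
    return 0;
}
```

The cost function makes the role of the delay counter concrete: because every key load restarts the count, the work per wrong guess scales with the maximum count, which is why claim 19 asks for values that are sufficiently large.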